Lucene search

[email protected]NVD:CVE-2023-50082

HistoryJan 04, 2024 - 8:15 a.m.

CVE-2023-50082

2024-01-0408:15:08

[email protected]

web.nvd.nist.gov

aoyun technology

pbootcms v3.1.2

incorrect access control

remote attackers

sensitive information

session leakage

backend management platform

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.007

Percentile

79.6%

JSON

Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, allows remote attackers to gain sensitive information via session leakage allows a user to avoid logging into the backend management platform.

Affected configurations

Nvd

Node

pbootcmspbootcmsMatch3.1.2

VendorProductVersionCPE
pbootcmspbootcms3.1.2cpe:2.3:a:pbootcms:pbootcms:3.1.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pbootcms	pbootcms	3.1.2	cpe:2.3:a:pbootcms:pbootcms:3.1.2:::::::*

References

github.com/juraorab/cve/blob/master/CVE/README.md

github.com/juraorab/cve/issues/2

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.007

Percentile

79.6%

JSON

Related for NVD:CVE-2023-50082

prion1 cve1 cvelist1